<?php
    require("../db.php");
	require("../configuracion.php");
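    // Login handler, step 1: read the submitted credentials and look up an active
    // operator (id_SysUserStatus = 1) whose username and MD5 password hash both match.
    //
    // $_POST replaces $HTTP_POST_VARS, which PHP 5.4 removed; the rest of this script
    // already relies on superglobals ($_SESSION, $_SERVER). Missing or non-string fields
    // (e.g. an array submitted as username[]) are treated as empty so they can never
    // reach the query as anything but a plain string.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // SECURITY: this is a character denylist, not parameter binding. Removing the single
    // quote is what keeps $username inside its T-SQL string literal below; the other
    // characters are stripped as before so existing usernames keep matching.
    // The legacy mssql_* API offers no bound parameters for ad-hoc queries and was removed
    // in PHP 7.0; the durable fix is to move this lookup to sqlsrv / PDO prepared statements.
    $username = str_replace(array("'", ';', '(', ')'), '', $username);

    // NOTE(review): stripping quotes from the password is not needed for SQL safety (only
    // its hex MD5 digest is placed in the query) and it silently shrinks the password
    // space. It is kept because stored hashes were presumably produced the same way —
    // confirm against the code that creates operators before removing it.
    $password = str_replace("'", '', $password);

    $valido = 'FALSE';

    // SECURITY: unsalted MD5 is a fast hash and unsuitable for password storage.
    // Migrating to password_hash()/password_verify() requires re-hashing the stored
    // values, which cannot be done from this block alone.
    $password = md5($password);

    $query = "SELECT * FROM app_SysOperators WHERE username='" . $username . "' AND password='" . $password . "' AND id_SysUserStatus = 1 ;";
    $result = mssql_query($query);

    // Fail closed: a failed query or an empty result leaves the id as null, which the
    // permission check further down treats as "not authenticated".
    $id_SysOperator = null;
    $nombreOperador = '';
    $row = $result ? mssql_fetch_object($result) : false;
    if (is_object($row)) {
        $id_SysOperator = $row->id_SysOperator;
        $nombreOperador = $row->nombreOperador . " " . $row->paternoOperador;
    }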

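    /**
     * Build a random string of $length characters drawn from digits and ASCII letters.
     *
     * Fixes over the previous version:
     *  - $key starts as '' so a zero length yields '' instead of an undefined variable;
     *  - the index range covers the whole alphabet (the old hard-coded 0..35 never
     *    reached the letters after "Mm", shrinking the key space);
     *  - uses [] string offsets, since the {} offset syntax was removed in PHP 8;
     *  - prefers random_int() (CSPRNG) when the runtime provides it and falls back to
     *    mt_rand() on older PHP. The fallback is NOT suitable for secrets.
     *
     * @param int $length Number of characters to generate.
     * @return string Random alphanumeric string of the requested length.
     */
    function randomkeys($length)
    {
        $pattern = '1234567890AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz';
        $max = strlen($pattern) - 1;
        $useCsprng = function_exists('random_int');

        $key = '';
        for ($i = 0; $i < $length; $i++) {
            $index = $useCsprng ? random_int(0, $max) : mt_rand(0, $max);
            $key .= $pattern[$index];
        }
        return $key;
    }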



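    // Login handler, step 2: confirm the operator may use the admin area (section 0 or
    // 200), open the session, write the access-log row and redirect.
    // Every failure path ends on index.php; only a fully authorised login reaches
    // indexAdmin.php.
    $destino = 'index.php';

    // Accept only a positive numeric id. null, '', 'NULL' and negative values were
    // rejected before and still are.
    // NOTE(review): id 0 is also treated as invalid (fail closed); the previous loose
    // comparison (0 == '') rejected an integer 0 on PHP < 8 as well — confirm no
    // operator row uses id 0.
    $idValido = is_numeric($id_SysOperator) && (int) $id_SysOperator > 0;

    if ($idValido) {
        // The integer cast guarantees that only digits are interpolated into the SQL below.
        $idOperador = (int) $id_SysOperator;

        $queryPerm  = "SELECT count(*) as permisos FROM app_SysSectionsOperators ";
        $queryPerm .= "WHERE (id_SysSection IN (0,200)) AND (id_SysOperator = $idOperador); ";
        $resultPerm = mssql_query($queryPerm);
        $rowPerm    = $resultPerm ? mssql_fetch_object($resultPerm) : false;
        // A failed permission query counts as "no permissions".
        $permisos   = is_object($rowPerm) ? (int) $rowPerm->permisos : 0;

        if ($permisos > 0) {
            // Collect every section id granted to the operator as a comma-separated list.
            $secciones = array();
            $queryP  = "SELECT id_SysSection FROM app_SysSectionsOperators ";
            $queryP .= "WHERE id_SysOperator=$idOperador ORDER BY id_SysSection";
            $resP    = mssql_query($queryP);
            if ($resP) {
                while ($rowP = mssql_fetch_object($resP)) {
                    $secciones[] = $rowP->id_SysSection;
                }
            }
            $listaPermisos = implode(',', $secciones);

            session_start();
            // Issue a fresh session id at the privilege change so an id that was set
            // before login (session fixation) is not the one that becomes authenticated.
            session_regenerate_id(true);
            $_SESSION['id_SysOperator'] = $id_SysOperator;
            $_SESSION['listaPermisos']  = $listaPermisos;
            $_SESSION['username']       = $username;
            $_SESSION['name']           = $nombreOperador;
            $_SESSION['validado']       = 'TRUE';
            // $appkey is not defined in this file; presumably set by configuracion.php — confirm.
            $_SESSION['Name_C3']        = $appkey;
            $_SESSION['Name_Login']     = "C3Admin";

            // Record the login in the access log.
            // operatorSession = md5(<operator id> . "200") . '|' . 16 random characters.
            $acceso = md5(strval($id_SysOperator . 200)) . '|' . randomkeys(16);

            // SECURITY: Referer and User-Agent are request headers fully controlled by the
            // client, and either may be absent. Default missing values to '' and double
            // every single quote (T-SQL string-literal escaping) before building the
            // statement; mssql_query() has no bound parameters for ad-hoc SQL.
            $ip       = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $referrer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $agente   = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

            $ipSql       = str_replace("'", "''", $ip);
            $referrerSql = str_replace("'", "''", $referrer);
            $agenteSql   = str_replace("'", "''", $agente);

            $queryINS = "INSERT INTO app_SysAccessLogs
               (id_SysOperator, sysSection, operatorSession, IPaddress, referrer, browser_type,fechaAccess) VALUES
               ($idOperador, 200,'$acceso' ,'" . $ipSql . "','" . $referrerSql . "','" . $agenteSql . "', getdate())";
            // Best effort, as before: a failed log insert does not block the login.
            // NOTE(review): consider surfacing failures, since a missing row is an audit gap.
            $rsINS = mssql_query($queryINS);

            $destino = 'indexAdmin.php';
        }
    }

    echo "<meta http-equiv='REFRESH' content='0; url=" . $destino . "'>";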
?>
